Job Search

Apple Fixes Critical Triple-handshake Flaw

25/04/2014 by

Apple has fixed a critical “triple-handshake” crypto vulnerability with a round of OS X and iOS updates that would allow an attacker with a privileged network position to capture data or change the operations performed in sessions protected by SSL.

According to Secure Resumption, the triple-handshake issue can be described like this: “If a TLS client connects to a malicious server and presents a client credential, the server can then impersonate the client at any other server that accepts the same credential. Concretely, the malicious server performs a man-in-the-middle attack on three successive handshakes between the honest client and server, and succeeds in impersonating the client on the third handshake.”

Montash is a multi-award winning, global IT recruitment firm. Specialising in permanent and contract positions across mid-senior appointments which cover a wide range of industry sectors and IT functions, including:

With offices based in London, Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.